Showing posts with the label security

Sex, Secret or God... Passwords

In the 1990s it was common to have to tell folks not to use "popular" passwords, like "sex" or "god", or, believe it or not, even "password" and "secret". Since then times have moved on, and folks have become very adept at using other characters in their passwords... Unfortunately, this is (very seriously) what one of our IT bods here has just found on a machine: Props to the user for mixing in some numbers, a word and a symbol, however... We can all see the flaw in their storing the password. (Thanks to our IT Manager for letting me use his picture - it is a lovely left hand, I wonder if he does hand modelling?)

Virgin Media's: Terrible Security

So, in a prior post I made you aware of the situation with myself and Virgin for my services, well... Whilst talking to them they wanted me to give them the "First and Fifth" letters of my security password... I apparently got this wrong.... "Give me the fourth and the eighth".... I apparently got this wrong.... "Just give me the password...." No. This is terrible security, and I said this to them. I asked if they can see my password: "yes". So their system stores my password, in plain text. I said to the chap "This should be stored as the salted hash of the password, not the actual password, and you should not use it as part of my accessing the account over the phone". This is the password to access your account, your Virgin Media e-mail, basically everything. Now, I don't know if this guy was fishing for my whole password bit by bit, or whether he was genuinely looking at the whole thing and just asking for letters, or if he just h...